CVE-2017-6344
MEDIUMGrails PDF Plugin 0.6 - XML External Entity Injection
Title source: llmDescription
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.ambionics.io/blog/grails-pdf-plugin-xxe
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96446
Scores
CVSS v3
5.9
EPSS
0.0123
EPSS Percentile
65.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
grails/pdf_plugin
0.6
Published
Feb 27, 2017
Tracked Since
Feb 18, 2026